Commit | Line | Data |
---|---|---|
ec2e4523 PS |
1 | /* |
2 | * fs/cifs/smb2pdu.c | |
3 | * | |
4 | * Copyright (C) International Business Machines Corp., 2009, 2011 | |
5 | * Etersoft, 2012 | |
6 | * Author(s): Steve French (sfrench@us.ibm.com) | |
7 | * Pavel Shilovsky (pshilovsky@samba.org) 2012 | |
8 | * | |
9 | * Contains the routines for constructing the SMB2 PDUs themselves | |
10 | * | |
11 | * This library is free software; you can redistribute it and/or modify | |
12 | * it under the terms of the GNU Lesser General Public License as published | |
13 | * by the Free Software Foundation; either version 2.1 of the License, or | |
14 | * (at your option) any later version. | |
15 | * | |
16 | * This library is distributed in the hope that it will be useful, | |
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | |
19 | * the GNU Lesser General Public License for more details. | |
20 | * | |
21 | * You should have received a copy of the GNU Lesser General Public License | |
22 | * along with this library; if not, write to the Free Software | |
23 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
24 | */ | |
25 | ||
26 | /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */ | |
27 | /* Note that there are handle based routines which must be */ | |
28 | /* treated slightly differently for reconnection purposes since we never */ | |
29 | /* want to reuse a stale file handle and only the caller knows the file info */ | |
30 | ||
31 | #include <linux/fs.h> | |
32 | #include <linux/kernel.h> | |
33 | #include <linux/vfs.h> | |
34 | #include <linux/uaccess.h> | |
35 | #include <linux/xattr.h> | |
36 | #include "smb2pdu.h" | |
37 | #include "cifsglob.h" | |
38 | #include "cifsacl.h" | |
39 | #include "cifsproto.h" | |
40 | #include "smb2proto.h" | |
41 | #include "cifs_unicode.h" | |
42 | #include "cifs_debug.h" | |
43 | #include "ntlmssp.h" | |
44 | #include "smb2status.h" | |
45 | ||
46 | /* | |
47 | * The following table defines the expected "StructureSize" of SMB2 requests | |
48 | * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests. | |
49 | * | |
50 | * Note that commands are defined in smb2pdu.h in le16 but the array below is | |
51 | * indexed by command in host byte order. | |
52 | */ | |
53 | static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = { | |
54 | /* SMB2_NEGOTIATE */ 36, | |
55 | /* SMB2_SESSION_SETUP */ 25, | |
56 | /* SMB2_LOGOFF */ 4, | |
57 | /* SMB2_TREE_CONNECT */ 9, | |
58 | /* SMB2_TREE_DISCONNECT */ 4, | |
59 | /* SMB2_CREATE */ 57, | |
60 | /* SMB2_CLOSE */ 24, | |
61 | /* SMB2_FLUSH */ 24, | |
62 | /* SMB2_READ */ 49, | |
63 | /* SMB2_WRITE */ 49, | |
64 | /* SMB2_LOCK */ 48, | |
65 | /* SMB2_IOCTL */ 57, | |
66 | /* SMB2_CANCEL */ 4, | |
67 | /* SMB2_ECHO */ 4, | |
68 | /* SMB2_QUERY_DIRECTORY */ 33, | |
69 | /* SMB2_CHANGE_NOTIFY */ 32, | |
70 | /* SMB2_QUERY_INFO */ 41, | |
71 | /* SMB2_SET_INFO */ 33, | |
72 | /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */ | |
73 | }; | |
74 | ||
75 | ||
76 | static void | |
77 | smb2_hdr_assemble(struct smb2_hdr *hdr, __le16 smb2_cmd /* command */ , | |
78 | const struct cifs_tcon *tcon) | |
79 | { | |
80 | struct smb2_pdu *pdu = (struct smb2_pdu *)hdr; | |
81 | char *temp = (char *)hdr; | |
82 | /* lookup word count ie StructureSize from table */ | |
83 | __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_cmd)]; | |
84 | ||
85 | /* | |
86 | * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of | |
87 | * largest operations (Create) | |
88 | */ | |
89 | memset(temp, 0, 256); | |
90 | ||
91 | /* Note this is only network field converted to big endian */ | |
92 | hdr->smb2_buf_length = cpu_to_be32(parmsize + sizeof(struct smb2_hdr) | |
93 | - 4 /* RFC 1001 length field itself not counted */); | |
94 | ||
95 | hdr->ProtocolId[0] = 0xFE; | |
96 | hdr->ProtocolId[1] = 'S'; | |
97 | hdr->ProtocolId[2] = 'M'; | |
98 | hdr->ProtocolId[3] = 'B'; | |
99 | hdr->StructureSize = cpu_to_le16(64); | |
100 | hdr->Command = smb2_cmd; | |
101 | hdr->CreditRequest = cpu_to_le16(2); /* BB make this dynamic */ | |
102 | hdr->ProcessId = cpu_to_le32((__u16)current->tgid); | |
103 | ||
104 | if (!tcon) | |
105 | goto out; | |
106 | ||
107 | hdr->TreeId = tcon->tid; | |
108 | /* Uid is not converted */ | |
109 | if (tcon->ses) | |
110 | hdr->SessionId = tcon->ses->Suid; | |
111 | /* BB check following DFS flags BB */ | |
112 | /* BB do we have to add check for SHI1005_FLAGS_DFS_ROOT too? */ | |
faaf946a PS |
113 | if (tcon->share_flags & SHI1005_FLAGS_DFS) |
114 | hdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; | |
ec2e4523 PS |
115 | /* BB how does SMB2 do case sensitive? */ |
116 | /* if (tcon->nocase) | |
117 | hdr->Flags |= SMBFLG_CASELESS; */ | |
118 | /* if (tcon->ses && tcon->ses->server && | |
119 | (tcon->ses->server->sec_mode & SECMODE_SIGN_REQUIRED)) | |
120 | hdr->Flags |= SMB2_FLAGS_SIGNED; */ | |
121 | out: | |
122 | pdu->StructureSize2 = cpu_to_le16(parmsize); | |
123 | return; | |
124 | } | |
125 | ||
126 | static int | |
127 | smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) | |
128 | { | |
129 | int rc = 0; | |
aa24d1e9 PS |
130 | struct nls_table *nls_codepage; |
131 | struct cifs_ses *ses; | |
132 | struct TCP_Server_Info *server; | |
133 | ||
134 | /* | |
135 | * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so | |
136 | * check for tcp and smb session status done differently | |
137 | * for those three - in the calling routine. | |
138 | */ | |
139 | if (tcon == NULL) | |
140 | return rc; | |
141 | ||
142 | if (smb2_command == SMB2_TREE_CONNECT) | |
143 | return rc; | |
144 | ||
145 | if (tcon->tidStatus == CifsExiting) { | |
146 | /* | |
147 | * only tree disconnect, open, and write, | |
148 | * (and ulogoff which does not have tcon) | |
149 | * are allowed as we start force umount. | |
150 | */ | |
151 | if ((smb2_command != SMB2_WRITE) && | |
152 | (smb2_command != SMB2_CREATE) && | |
153 | (smb2_command != SMB2_TREE_DISCONNECT)) { | |
154 | cFYI(1, "can not send cmd %d while umounting", | |
155 | smb2_command); | |
156 | return -ENODEV; | |
157 | } | |
158 | } | |
159 | if ((!tcon->ses) || (tcon->ses->status == CifsExiting) || | |
160 | (!tcon->ses->server)) | |
161 | return -EIO; | |
162 | ||
163 | ses = tcon->ses; | |
164 | server = ses->server; | |
165 | ||
166 | /* | |
167 | * Give demultiplex thread up to 10 seconds to reconnect, should be | |
168 | * greater than cifs socket timeout which is 7 seconds | |
169 | */ | |
170 | while (server->tcpStatus == CifsNeedReconnect) { | |
171 | /* | |
172 | * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE | |
173 | * here since they are implicitly done when session drops. | |
174 | */ | |
175 | switch (smb2_command) { | |
176 | /* | |
177 | * BB Should we keep oplock break and add flush to exceptions? | |
178 | */ | |
179 | case SMB2_TREE_DISCONNECT: | |
180 | case SMB2_CANCEL: | |
181 | case SMB2_CLOSE: | |
182 | case SMB2_OPLOCK_BREAK: | |
183 | return -EAGAIN; | |
184 | } | |
185 | ||
186 | wait_event_interruptible_timeout(server->response_q, | |
187 | (server->tcpStatus != CifsNeedReconnect), 10 * HZ); | |
188 | ||
189 | /* are we still trying to reconnect? */ | |
190 | if (server->tcpStatus != CifsNeedReconnect) | |
191 | break; | |
192 | ||
193 | /* | |
194 | * on "soft" mounts we wait once. Hard mounts keep | |
195 | * retrying until process is killed or server comes | |
196 | * back on-line | |
197 | */ | |
198 | if (!tcon->retry) { | |
199 | cFYI(1, "gave up waiting on reconnect in smb_init"); | |
200 | return -EHOSTDOWN; | |
201 | } | |
202 | } | |
203 | ||
204 | if (!tcon->ses->need_reconnect && !tcon->need_reconnect) | |
205 | return rc; | |
206 | ||
207 | nls_codepage = load_nls_default(); | |
208 | ||
209 | /* | |
210 | * need to prevent multiple threads trying to simultaneously reconnect | |
211 | * the same SMB session | |
212 | */ | |
213 | mutex_lock(&tcon->ses->session_mutex); | |
214 | rc = cifs_negotiate_protocol(0, tcon->ses); | |
215 | if (!rc && tcon->ses->need_reconnect) | |
216 | rc = cifs_setup_session(0, tcon->ses, nls_codepage); | |
217 | ||
218 | if (rc || !tcon->need_reconnect) { | |
219 | mutex_unlock(&tcon->ses->session_mutex); | |
220 | goto out; | |
221 | } | |
222 | ||
223 | cifs_mark_open_files_invalid(tcon); | |
224 | rc = SMB2_tcon(0, tcon->ses, tcon->treeName, tcon, nls_codepage); | |
225 | mutex_unlock(&tcon->ses->session_mutex); | |
226 | cFYI(1, "reconnect tcon rc = %d", rc); | |
227 | if (rc) | |
228 | goto out; | |
229 | atomic_inc(&tconInfoReconnectCount); | |
230 | /* | |
231 | * BB FIXME add code to check if wsize needs update due to negotiated | |
232 | * smb buffer size shrinking. | |
233 | */ | |
234 | out: | |
235 | /* | |
236 | * Check if handle based operation so we know whether we can continue | |
237 | * or not without returning to caller to reset file handle. | |
238 | */ | |
239 | /* | |
240 | * BB Is flush done by server on drop of tcp session? Should we special | |
241 | * case it and skip above? | |
242 | */ | |
243 | switch (smb2_command) { | |
244 | case SMB2_FLUSH: | |
245 | case SMB2_READ: | |
246 | case SMB2_WRITE: | |
247 | case SMB2_LOCK: | |
248 | case SMB2_IOCTL: | |
249 | case SMB2_QUERY_DIRECTORY: | |
250 | case SMB2_CHANGE_NOTIFY: | |
251 | case SMB2_QUERY_INFO: | |
252 | case SMB2_SET_INFO: | |
253 | return -EAGAIN; | |
254 | } | |
255 | unload_nls(nls_codepage); | |
ec2e4523 PS |
256 | return rc; |
257 | } | |
258 | ||
259 | /* | |
260 | * Allocate and return pointer to an SMB request hdr, and set basic | |
261 | * SMB information in the SMB header. If the return code is zero, this | |
262 | * function must have filled in request_buf pointer. | |
263 | */ | |
264 | static int | |
265 | small_smb2_init(__le16 smb2_command, struct cifs_tcon *tcon, | |
266 | void **request_buf) | |
267 | { | |
268 | int rc = 0; | |
269 | ||
270 | rc = smb2_reconnect(smb2_command, tcon); | |
271 | if (rc) | |
272 | return rc; | |
273 | ||
274 | /* BB eventually switch this to SMB2 specific small buf size */ | |
275 | *request_buf = cifs_small_buf_get(); | |
276 | if (*request_buf == NULL) { | |
277 | /* BB should we add a retry in here if not a writepage? */ | |
278 | return -ENOMEM; | |
279 | } | |
280 | ||
281 | smb2_hdr_assemble((struct smb2_hdr *) *request_buf, smb2_command, tcon); | |
282 | ||
283 | if (tcon != NULL) { | |
284 | #ifdef CONFIG_CIFS_STATS2 | |
285 | /* | |
286 | uint16_t com_code = le16_to_cpu(smb2_command); | |
287 | cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]); | |
288 | */ | |
289 | #endif | |
290 | cifs_stats_inc(&tcon->num_smbs_sent); | |
291 | } | |
292 | ||
293 | return rc; | |
294 | } | |
295 | ||
296 | static void | |
297 | free_rsp_buf(int resp_buftype, void *rsp) | |
298 | { | |
299 | if (resp_buftype == CIFS_SMALL_BUFFER) | |
300 | cifs_small_buf_release(rsp); | |
301 | else if (resp_buftype == CIFS_LARGE_BUFFER) | |
302 | cifs_buf_release(rsp); | |
303 | } | |
304 | ||
305 | #define SMB2_NUM_PROT 1 | |
306 | ||
307 | #define SMB2_PROT 0 | |
308 | #define SMB21_PROT 1 | |
309 | #define BAD_PROT 0xFFFF | |
310 | ||
311 | #define SMB2_PROT_ID 0x0202 | |
312 | #define SMB21_PROT_ID 0x0210 | |
313 | #define BAD_PROT_ID 0xFFFF | |
314 | ||
315 | static struct { | |
316 | int index; | |
317 | __le16 name; | |
318 | } smb2protocols[] = { | |
319 | {SMB2_PROT, cpu_to_le16(SMB2_PROT_ID)}, | |
320 | {SMB21_PROT, cpu_to_le16(SMB21_PROT_ID)}, | |
321 | {BAD_PROT, cpu_to_le16(BAD_PROT_ID)} | |
322 | }; | |
323 | ||
324 | /* | |
325 | * | |
326 | * SMB2 Worker functions follow: | |
327 | * | |
328 | * The general structure of the worker functions is: | |
329 | * 1) Call smb2_init (assembles SMB2 header) | |
330 | * 2) Initialize SMB2 command specific fields in fixed length area of SMB | |
331 | * 3) Call smb_sendrcv2 (sends request on socket and waits for response) | |
332 | * 4) Decode SMB2 command specific fields in the fixed length area | |
333 | * 5) Decode variable length data area (if any for this SMB2 command type) | |
334 | * 6) Call free smb buffer | |
335 | * 7) return | |
336 | * | |
337 | */ | |
338 | ||
339 | int | |
340 | SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) | |
341 | { | |
342 | struct smb2_negotiate_req *req; | |
343 | struct smb2_negotiate_rsp *rsp; | |
344 | struct kvec iov[1]; | |
345 | int rc = 0; | |
346 | int resp_buftype; | |
347 | struct TCP_Server_Info *server; | |
348 | unsigned int sec_flags; | |
349 | u16 i; | |
350 | u16 temp = 0; | |
351 | int blob_offset, blob_length; | |
352 | char *security_blob; | |
353 | int flags = CIFS_NEG_OP; | |
354 | ||
355 | cFYI(1, "Negotiate protocol"); | |
356 | ||
357 | if (ses->server) | |
358 | server = ses->server; | |
359 | else { | |
360 | rc = -EIO; | |
361 | return rc; | |
362 | } | |
363 | ||
364 | rc = small_smb2_init(SMB2_NEGOTIATE, NULL, (void **) &req); | |
365 | if (rc) | |
366 | return rc; | |
367 | ||
368 | /* if any of auth flags (ie not sign or seal) are overriden use them */ | |
369 | if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL))) | |
370 | sec_flags = ses->overrideSecFlg; /* BB FIXME fix sign flags?*/ | |
371 | else /* if override flags set only sign/seal OR them with global auth */ | |
372 | sec_flags = global_secflags | ses->overrideSecFlg; | |
373 | ||
374 | cFYI(1, "sec_flags 0x%x", sec_flags); | |
375 | ||
376 | req->hdr.SessionId = 0; | |
377 | ||
378 | for (i = 0; i < SMB2_NUM_PROT; i++) | |
379 | req->Dialects[i] = smb2protocols[i].name; | |
380 | ||
381 | req->DialectCount = cpu_to_le16(i); | |
382 | inc_rfc1001_len(req, i * 2); | |
383 | ||
384 | /* only one of SMB2 signing flags may be set in SMB2 request */ | |
385 | if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) | |
386 | temp = SMB2_NEGOTIATE_SIGNING_REQUIRED; | |
387 | else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */ | |
388 | temp = SMB2_NEGOTIATE_SIGNING_ENABLED; | |
389 | ||
390 | req->SecurityMode = cpu_to_le16(temp); | |
391 | ||
392 | req->Capabilities = cpu_to_le32(SMB2_GLOBAL_CAP_DFS); | |
393 | ||
394 | iov[0].iov_base = (char *)req; | |
395 | /* 4 for rfc1002 length field */ | |
396 | iov[0].iov_len = get_rfc1002_length(req) + 4; | |
397 | ||
398 | rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, flags); | |
399 | ||
400 | rsp = (struct smb2_negotiate_rsp *)iov[0].iov_base; | |
401 | /* | |
402 | * No tcon so can't do | |
403 | * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); | |
404 | */ | |
405 | if (rc != 0) | |
406 | goto neg_exit; | |
407 | ||
408 | if (rsp == NULL) { | |
409 | rc = -EIO; | |
410 | goto neg_exit; | |
411 | } | |
412 | ||
413 | cFYI(1, "mode 0x%x", rsp->SecurityMode); | |
414 | ||
415 | if (rsp->DialectRevision == smb2protocols[SMB21_PROT].name) | |
416 | cFYI(1, "negotiated smb2.1 dialect"); | |
417 | else if (rsp->DialectRevision == smb2protocols[SMB2_PROT].name) | |
418 | cFYI(1, "negotiated smb2 dialect"); | |
419 | else { | |
420 | cERROR(1, "Illegal dialect returned by server %d", | |
421 | le16_to_cpu(rsp->DialectRevision)); | |
422 | rc = -EIO; | |
423 | goto neg_exit; | |
424 | } | |
425 | server->dialect = le16_to_cpu(rsp->DialectRevision); | |
426 | ||
427 | server->maxBuf = le32_to_cpu(rsp->MaxTransactSize); | |
428 | server->max_read = le32_to_cpu(rsp->MaxReadSize); | |
429 | server->max_write = le32_to_cpu(rsp->MaxWriteSize); | |
430 | /* BB Do we need to validate the SecurityMode? */ | |
431 | server->sec_mode = le16_to_cpu(rsp->SecurityMode); | |
432 | server->capabilities = le32_to_cpu(rsp->Capabilities); | |
433 | ||
434 | security_blob = smb2_get_data_area_len(&blob_offset, &blob_length, | |
435 | &rsp->hdr); | |
436 | if (blob_length == 0) { | |
437 | cERROR(1, "missing security blob on negprot"); | |
438 | rc = -EIO; | |
439 | goto neg_exit; | |
440 | } | |
441 | #ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */ | |
442 | rc = decode_neg_token_init(security_blob, blob_length, | |
443 | &server->sec_type); | |
444 | if (rc == 1) | |
445 | rc = 0; | |
446 | else if (rc == 0) { | |
447 | rc = -EIO; | |
448 | goto neg_exit; | |
449 | } | |
450 | #endif | |
451 | ||
452 | neg_exit: | |
453 | free_rsp_buf(resp_buftype, rsp); | |
454 | return rc; | |
455 | } | |
5478f9ba PS |
456 | |
457 | int | |
458 | SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses, | |
459 | const struct nls_table *nls_cp) | |
460 | { | |
461 | struct smb2_sess_setup_req *req; | |
462 | struct smb2_sess_setup_rsp *rsp = NULL; | |
463 | struct kvec iov[2]; | |
464 | int rc = 0; | |
465 | int resp_buftype; | |
466 | __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */ | |
467 | struct TCP_Server_Info *server; | |
468 | unsigned int sec_flags; | |
469 | u8 temp = 0; | |
470 | u16 blob_length = 0; | |
471 | char *security_blob; | |
472 | char *ntlmssp_blob = NULL; | |
473 | bool use_spnego = false; /* else use raw ntlmssp */ | |
474 | ||
475 | cFYI(1, "Session Setup"); | |
476 | ||
477 | if (ses->server) | |
478 | server = ses->server; | |
479 | else { | |
480 | rc = -EIO; | |
481 | return rc; | |
482 | } | |
483 | ||
484 | /* | |
485 | * If memory allocation is successful, caller of this function | |
486 | * frees it. | |
487 | */ | |
488 | ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL); | |
489 | if (!ses->ntlmssp) | |
490 | return -ENOMEM; | |
491 | ||
492 | ses->server->secType = RawNTLMSSP; | |
493 | ||
494 | ssetup_ntlmssp_authenticate: | |
495 | if (phase == NtLmChallenge) | |
496 | phase = NtLmAuthenticate; /* if ntlmssp, now final phase */ | |
497 | ||
498 | rc = small_smb2_init(SMB2_SESSION_SETUP, NULL, (void **) &req); | |
499 | if (rc) | |
500 | return rc; | |
501 | ||
502 | /* if any of auth flags (ie not sign or seal) are overriden use them */ | |
503 | if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL))) | |
504 | sec_flags = ses->overrideSecFlg; /* BB FIXME fix sign flags?*/ | |
505 | else /* if override flags set only sign/seal OR them with global auth */ | |
506 | sec_flags = global_secflags | ses->overrideSecFlg; | |
507 | ||
508 | cFYI(1, "sec_flags 0x%x", sec_flags); | |
509 | ||
510 | req->hdr.SessionId = 0; /* First session, not a reauthenticate */ | |
511 | req->VcNumber = 0; /* MBZ */ | |
512 | /* to enable echos and oplocks */ | |
513 | req->hdr.CreditRequest = cpu_to_le16(3); | |
514 | ||
515 | /* only one of SMB2 signing flags may be set in SMB2 request */ | |
516 | if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) | |
517 | temp = SMB2_NEGOTIATE_SIGNING_REQUIRED; | |
518 | else if (ses->server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) | |
519 | temp = SMB2_NEGOTIATE_SIGNING_REQUIRED; | |
520 | else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */ | |
521 | temp = SMB2_NEGOTIATE_SIGNING_ENABLED; | |
522 | ||
523 | req->SecurityMode = temp; | |
524 | req->Capabilities = 0; | |
525 | req->Channel = 0; /* MBZ */ | |
526 | ||
527 | iov[0].iov_base = (char *)req; | |
528 | /* 4 for rfc1002 length field and 1 for pad */ | |
529 | iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; | |
530 | if (phase == NtLmNegotiate) { | |
531 | ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE), | |
532 | GFP_KERNEL); | |
533 | if (ntlmssp_blob == NULL) { | |
534 | rc = -ENOMEM; | |
535 | goto ssetup_exit; | |
536 | } | |
537 | build_ntlmssp_negotiate_blob(ntlmssp_blob, ses); | |
538 | if (use_spnego) { | |
539 | /* blob_length = build_spnego_ntlmssp_blob( | |
540 | &security_blob, | |
541 | sizeof(struct _NEGOTIATE_MESSAGE), | |
542 | ntlmssp_blob); */ | |
543 | /* BB eventually need to add this */ | |
544 | cERROR(1, "spnego not supported for SMB2 yet"); | |
545 | rc = -EOPNOTSUPP; | |
546 | kfree(ntlmssp_blob); | |
547 | goto ssetup_exit; | |
548 | } else { | |
549 | blob_length = sizeof(struct _NEGOTIATE_MESSAGE); | |
550 | /* with raw NTLMSSP we don't encapsulate in SPNEGO */ | |
551 | security_blob = ntlmssp_blob; | |
552 | } | |
553 | } else if (phase == NtLmAuthenticate) { | |
554 | req->hdr.SessionId = ses->Suid; | |
555 | ntlmssp_blob = kzalloc(sizeof(struct _NEGOTIATE_MESSAGE) + 500, | |
556 | GFP_KERNEL); | |
557 | if (ntlmssp_blob == NULL) { | |
558 | cERROR(1, "failed to malloc ntlmssp blob"); | |
559 | rc = -ENOMEM; | |
560 | goto ssetup_exit; | |
561 | } | |
562 | rc = build_ntlmssp_auth_blob(ntlmssp_blob, &blob_length, ses, | |
563 | nls_cp); | |
564 | if (rc) { | |
565 | cFYI(1, "build_ntlmssp_auth_blob failed %d", rc); | |
566 | goto ssetup_exit; /* BB double check error handling */ | |
567 | } | |
568 | if (use_spnego) { | |
569 | /* blob_length = build_spnego_ntlmssp_blob( | |
570 | &security_blob, | |
571 | blob_length, | |
572 | ntlmssp_blob); */ | |
573 | cERROR(1, "spnego not supported for SMB2 yet"); | |
574 | rc = -EOPNOTSUPP; | |
575 | kfree(ntlmssp_blob); | |
576 | goto ssetup_exit; | |
577 | } else { | |
578 | security_blob = ntlmssp_blob; | |
579 | } | |
580 | } else { | |
581 | cERROR(1, "illegal ntlmssp phase"); | |
582 | rc = -EIO; | |
583 | goto ssetup_exit; | |
584 | } | |
585 | ||
586 | /* Testing shows that buffer offset must be at location of Buffer[0] */ | |
587 | req->SecurityBufferOffset = | |
588 | cpu_to_le16(sizeof(struct smb2_sess_setup_req) - | |
589 | 1 /* pad */ - 4 /* rfc1001 len */); | |
590 | req->SecurityBufferLength = cpu_to_le16(blob_length); | |
591 | iov[1].iov_base = security_blob; | |
592 | iov[1].iov_len = blob_length; | |
593 | ||
594 | inc_rfc1001_len(req, blob_length - 1 /* pad */); | |
595 | ||
596 | /* BB add code to build os and lm fields */ | |
597 | ||
598 | rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, CIFS_LOG_ERROR); | |
599 | ||
600 | kfree(security_blob); | |
601 | rsp = (struct smb2_sess_setup_rsp *)iov[0].iov_base; | |
602 | if (rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) { | |
603 | if (phase != NtLmNegotiate) { | |
604 | cERROR(1, "Unexpected more processing error"); | |
605 | goto ssetup_exit; | |
606 | } | |
607 | if (offsetof(struct smb2_sess_setup_rsp, Buffer) - 4 != | |
608 | le16_to_cpu(rsp->SecurityBufferOffset)) { | |
609 | cERROR(1, "Invalid security buffer offset %d", | |
610 | le16_to_cpu(rsp->SecurityBufferOffset)); | |
611 | rc = -EIO; | |
612 | goto ssetup_exit; | |
613 | } | |
614 | ||
615 | /* NTLMSSP Negotiate sent now processing challenge (response) */ | |
616 | phase = NtLmChallenge; /* process ntlmssp challenge */ | |
617 | rc = 0; /* MORE_PROCESSING is not an error here but expected */ | |
618 | ses->Suid = rsp->hdr.SessionId; | |
619 | rc = decode_ntlmssp_challenge(rsp->Buffer, | |
620 | le16_to_cpu(rsp->SecurityBufferLength), ses); | |
621 | } | |
622 | ||
623 | /* | |
624 | * BB eventually add code for SPNEGO decoding of NtlmChallenge blob, | |
625 | * but at least the raw NTLMSSP case works. | |
626 | */ | |
627 | /* | |
628 | * No tcon so can't do | |
629 | * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); | |
630 | */ | |
631 | if (rc != 0) | |
632 | goto ssetup_exit; | |
633 | ||
634 | if (rsp == NULL) { | |
635 | rc = -EIO; | |
636 | goto ssetup_exit; | |
637 | } | |
638 | ||
639 | ses->session_flags = le16_to_cpu(rsp->SessionFlags); | |
640 | ssetup_exit: | |
641 | free_rsp_buf(resp_buftype, rsp); | |
642 | ||
643 | /* if ntlmssp, and negotiate succeeded, proceed to authenticate phase */ | |
644 | if ((phase == NtLmChallenge) && (rc == 0)) | |
645 | goto ssetup_ntlmssp_authenticate; | |
646 | return rc; | |
647 | } | |
648 | ||
649 | int | |
650 | SMB2_logoff(const unsigned int xid, struct cifs_ses *ses) | |
651 | { | |
652 | struct smb2_logoff_req *req; /* response is also trivial struct */ | |
653 | int rc = 0; | |
654 | struct TCP_Server_Info *server; | |
655 | ||
656 | cFYI(1, "disconnect session %p", ses); | |
657 | ||
658 | if (ses && (ses->server)) | |
659 | server = ses->server; | |
660 | else | |
661 | return -EIO; | |
662 | ||
663 | rc = small_smb2_init(SMB2_LOGOFF, NULL, (void **) &req); | |
664 | if (rc) | |
665 | return rc; | |
666 | ||
667 | /* since no tcon, smb2_init can not do this, so do here */ | |
668 | req->hdr.SessionId = ses->Suid; | |
669 | ||
670 | rc = SendReceiveNoRsp(xid, ses, (char *) &req->hdr, 0); | |
671 | /* | |
672 | * No tcon so can't do | |
673 | * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); | |
674 | */ | |
675 | return rc; | |
676 | } | |
faaf946a PS |
677 | |
678 | static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code) | |
679 | { | |
680 | /* cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[code]); */ | |
681 | } | |
682 | ||
683 | #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */) | |
684 | ||
685 | int | |
686 | SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, | |
687 | struct cifs_tcon *tcon, const struct nls_table *cp) | |
688 | { | |
689 | struct smb2_tree_connect_req *req; | |
690 | struct smb2_tree_connect_rsp *rsp = NULL; | |
691 | struct kvec iov[2]; | |
692 | int rc = 0; | |
693 | int resp_buftype; | |
694 | int unc_path_len; | |
695 | struct TCP_Server_Info *server; | |
696 | __le16 *unc_path = NULL; | |
697 | ||
698 | cFYI(1, "TCON"); | |
699 | ||
700 | if ((ses->server) && tree) | |
701 | server = ses->server; | |
702 | else | |
703 | return -EIO; | |
704 | ||
705 | if (tcon && tcon->bad_network_name) | |
706 | return -ENOENT; | |
707 | ||
708 | unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL); | |
709 | if (unc_path == NULL) | |
710 | return -ENOMEM; | |
711 | ||
712 | unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp) + 1; | |
713 | unc_path_len *= 2; | |
714 | if (unc_path_len < 2) { | |
715 | kfree(unc_path); | |
716 | return -EINVAL; | |
717 | } | |
718 | ||
719 | rc = small_smb2_init(SMB2_TREE_CONNECT, tcon, (void **) &req); | |
720 | if (rc) { | |
721 | kfree(unc_path); | |
722 | return rc; | |
723 | } | |
724 | ||
725 | if (tcon == NULL) { | |
726 | /* since no tcon, smb2_init can not do this, so do here */ | |
727 | req->hdr.SessionId = ses->Suid; | |
728 | /* if (ses->server->sec_mode & SECMODE_SIGN_REQUIRED) | |
729 | req->hdr.Flags |= SMB2_FLAGS_SIGNED; */ | |
730 | } | |
731 | ||
732 | iov[0].iov_base = (char *)req; | |
733 | /* 4 for rfc1002 length field and 1 for pad */ | |
734 | iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; | |
735 | ||
736 | /* Testing shows that buffer offset must be at location of Buffer[0] */ | |
737 | req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req) | |
738 | - 1 /* pad */ - 4 /* do not count rfc1001 len field */); | |
739 | req->PathLength = cpu_to_le16(unc_path_len - 2); | |
740 | iov[1].iov_base = unc_path; | |
741 | iov[1].iov_len = unc_path_len; | |
742 | ||
743 | inc_rfc1001_len(req, unc_path_len - 1 /* pad */); | |
744 | ||
745 | rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0); | |
746 | rsp = (struct smb2_tree_connect_rsp *)iov[0].iov_base; | |
747 | ||
748 | if (rc != 0) { | |
749 | if (tcon) { | |
750 | cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE); | |
751 | tcon->need_reconnect = true; | |
752 | } | |
753 | goto tcon_error_exit; | |
754 | } | |
755 | ||
756 | if (rsp == NULL) { | |
757 | rc = -EIO; | |
758 | goto tcon_exit; | |
759 | } | |
760 | ||
761 | if (tcon == NULL) { | |
762 | ses->ipc_tid = rsp->hdr.TreeId; | |
763 | goto tcon_exit; | |
764 | } | |
765 | ||
766 | if (rsp->ShareType & SMB2_SHARE_TYPE_DISK) | |
767 | cFYI(1, "connection to disk share"); | |
768 | else if (rsp->ShareType & SMB2_SHARE_TYPE_PIPE) { | |
769 | tcon->ipc = true; | |
770 | cFYI(1, "connection to pipe share"); | |
771 | } else if (rsp->ShareType & SMB2_SHARE_TYPE_PRINT) { | |
772 | tcon->print = true; | |
773 | cFYI(1, "connection to printer"); | |
774 | } else { | |
775 | cERROR(1, "unknown share type %d", rsp->ShareType); | |
776 | rc = -EOPNOTSUPP; | |
777 | goto tcon_error_exit; | |
778 | } | |
779 | ||
780 | tcon->share_flags = le32_to_cpu(rsp->ShareFlags); | |
781 | tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess); | |
782 | tcon->tidStatus = CifsGood; | |
783 | tcon->need_reconnect = false; | |
784 | tcon->tid = rsp->hdr.TreeId; | |
785 | strncpy(tcon->treeName, tree, MAX_TREE_SIZE); | |
786 | ||
787 | if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) && | |
788 | ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0)) | |
789 | cERROR(1, "DFS capability contradicts DFS flag"); | |
790 | ||
791 | tcon_exit: | |
792 | free_rsp_buf(resp_buftype, rsp); | |
793 | kfree(unc_path); | |
794 | return rc; | |
795 | ||
796 | tcon_error_exit: | |
797 | if (rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) { | |
798 | cERROR(1, "BAD_NETWORK_NAME: %s", tree); | |
799 | tcon->bad_network_name = true; | |
800 | } | |
801 | goto tcon_exit; | |
802 | } | |
803 | ||
804 | int | |
805 | SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon) | |
806 | { | |
807 | struct smb2_tree_disconnect_req *req; /* response is trivial */ | |
808 | int rc = 0; | |
809 | struct TCP_Server_Info *server; | |
810 | struct cifs_ses *ses = tcon->ses; | |
811 | ||
812 | cFYI(1, "Tree Disconnect"); | |
813 | ||
814 | if (ses && (ses->server)) | |
815 | server = ses->server; | |
816 | else | |
817 | return -EIO; | |
818 | ||
819 | if ((tcon->need_reconnect) || (tcon->ses->need_reconnect)) | |
820 | return 0; | |
821 | ||
822 | rc = small_smb2_init(SMB2_TREE_DISCONNECT, tcon, (void **) &req); | |
823 | if (rc) | |
824 | return rc; | |
825 | ||
826 | rc = SendReceiveNoRsp(xid, ses, (char *)&req->hdr, 0); | |
827 | if (rc) | |
828 | cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE); | |
829 | ||
830 | return rc; | |
831 | } |